DETAILED ACTION 

1. This action is in response to the Petition Decision filed on May 17, 2006 and the 
Amendment filed July 10, 2006. 

2. Claim 1 has been amended and claims 2-44 have been cancelled. 

3. New claims 45-88 have been added. 

4. Claims 1 and 45-88 have been examined and are pending with this action. 

EXAMINER'S AMENDMENT 

5. An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Robert C. Kowert (Reg. No 39,255) on October 11, 2006. 



6. The application has been amended as follows: 

75. (Currently Amended) A tangible, computer-readable storage medium, 
comprising program instructions, wherein the instructions are computer-executable to: 

store access control information for a particular node of a tree of nodes 
representing entities managed by a directory server, wherein the access control 
information comprises at least one macro entry; 

in response to a request from a requester for a directory server operation 
targeted at a node of the tree, 

generate an expanded version of the access control information using the at 
least one macro entry, wherein the expanded version includes additional information 
derived from one or more attributes stored at the directory server; 

determining whether the requester has permission for the directory server 
operation, wherein said determining comprises comparing at least a portion of the 
expanded version of the access control information with one or more attribute values of 
the requester; 

in response to determining that the requester has permission, perform the 
directory server operation; and 

in response to determining that the requester does not have permission, provide 
a failure indication to the requester. 



76. (Currently Amended) The computer-readable storage medium as recited in 
claim 75, wherein the expanded version is derived at least in part by replacing the at 
least one macro entry with at least one substitute string derived from the one or more 
attributes stored at the directory server. 

77. (Currently Amended) The computer-readable storage medium as recited in 
claim 75, wherein the request is targeted at the particular node, and wherein the 
additional information is derived from one or more attributes of the particular node. 

78. (Currently Amended) The computer-readable storage medium as recited in 
claim 75, wherein the particular node is a root node of a subtree of other nodes of the 
tree, wherein the request is targeted at an other node of the subtree, and wherein the 
additional information is derived from one or more attributes of the other node. 

79. (Currently Amended) The computer-readable storage medium as recited in 
claim 75, wherein said determining whether the requester has permission for the 
directory server operation comprises determining whether an attribute value of the 
requester matches an attribute value specified in the expanded version of the access 
control information. 

80. (Currently Amended) The computer-readable storage medium as recited in 
claim 79, wherein the at additional information comprises a plurality of fields, wherein 
said determining whether the requester has permission for the directory server 
operation comprises: 

in response to determining that the attribute value of the requester does not 
match the expanded version, modifying the expanded version by removing at least one 
field of the plurality of fields from the expanded version; and 

determining whether an attribute value of the requester matches an attribute 
value specified in the modified expanded version of the access control information. 

81. (Currently Amended) The computer-readable storage medium as recited in 
claim 75, wherein the access control information comprises two or more macro entries, 
including a target macro entry in a portion of the access control information identifying a 
target object to which access is to be controlled and a subject macro entry in a portion 
of the access control information specifying attributes of requesters to whom access is 
to be provided. 

82. (Currently Amended) The computer-readable storage medium as recited in 
claim 81, wherein said generating the expanded version comprises replacing the target 
macro entry with a first substitute string, and replacing the subject macro entry with a 
second substitute string derived from the first substitute string. 

83. (Currently Amended) The computer-readable storage medium as recited in 
claim 75, wherein the at least one macro entity identifies an attribute name, wherein the 
additional information is derived from a value of an attribute identified by the attribute 
name. 

84. (Currently Amended) The computer-readable storage medium as recited in 
claim 83, wherein the attribute identified by the attribute name is a multi-valued attribute, 
wherein the directory server stores at least a first value and a second value for the 
multi-valued attribute for the node targeted by the request, wherein the additional 
information comprises the first value of the multi-valued attribute, wherein said 
determining whether the requester has permission comprises: 

comparing a portion of the expanded version including the first value with the 
requester's value of the multi-valued attribute; 

in response to determining that the portion of the expanded version does not 
match the requester's value, generating a second expanded version of the access 
control information by replacing the first value of the multi-valued attribute in the 
expanded version with the second value of the multi-valued attribute; and 

comparing a portion of the second expanded version including the second value 
with the requester's value of the multi-valued attribute. 

85. (Currently Amended) The computer-readable storage medium as recited in 
claim 75, wherein the additional information is derived from a distinguished name of a 
node of the tree. 

86. (Currently Amended) The computer-readable storage medium as recited in 
claim 75, wherein the at least one macro entry is included within a portion of the access 
control information that identifies a distinguished name of a group of entities defined at 
the directory server. 

87. (Currently Amended) The computer-readable storage medium as recited in 
claim 75, wherein the at least one macro entity is included within a portion of the access 
control information that identifies a distinguished name of a role defined at the directory 
server. 

88. (Currently Amended) The computer-readable storage medium as recited in 
claim 75, wherein the at least one macro entity is included within a portion of the access 
control information that identifies at least one of: a distinguished name of a user 
identified at the directory server, a user attribute defined at the directory server, and a 
target filter used by the directory server to select nodes to which access control 
information applies. 
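
The following is an added illustration, not part of the Office action or the application: one possible reading of the flow recited in claims 75, 80 and 84, in which a macro in the stored access control information is expanded from the target node's attributes and compared with the requester's attribute values. The macro syntax `($attr.name)`, the attribute names `ownerUnit` and `adminOf`, and all directory entries are assumptions constructed for the example; distinguished names are compared as plain strings without normalization.

```python
import re

MACRO = re.compile(r"\(\$attr\.(\w+)\)")  # hypothetical macro syntax, assumed here

# Constructed sample data: DN -> attributes (every attribute is multi-valued).
DIRECTORY = {
    "uid=printer7,ou=lab,ou=eng,o=example":
        {"ownerUnit": ["ou=ops,o=example", "ou=lab,ou=eng,o=example"]},
    "uid=alice,ou=people,o=example": {"adminOf": ["ou=eng,o=example"]},
    "uid=bob,ou=people,o=example": {"adminOf": ["ou=sales,o=example"]},
    "uid=spare,ou=eng,o=example": {},  # target with no ownerUnit value
}

# Access control information stored at a subtree root; the subject holds one macro entry.
ACI = {"node": "o=example", "rights": {"write"},
       "requester_attr": "adminOf", "subject": "($attr.ownerUnit)"}

def expand(template, target_dn, directory):
    """Yield one expanded string per value of the macro's attribute on the target node."""
    m = MACRO.search(template)
    if m is None:
        yield template
        return
    for value in directory.get(target_dn, {}).get(m.group(1), []):
        yield template[:m.start()] + value + template[m.end():]

def relaxations(expanded):
    """Yield the expanded string, then copies with leading comma-separated fields removed."""
    fields = expanded.split(",")
    for i in range(len(fields)):
        yield ",".join(fields[i:])

def in_subtree(dn, root):
    return dn == root or dn.endswith("," + root)

def check(requester_dn, target_dn, right, aci=ACI, directory=DIRECTORY):
    """True: perform the operation. False: failure indication (default deny)."""
    if right not in aci["rights"] or not in_subtree(target_dn, aci["node"]):
        return False
    held = set(directory.get(requester_dn, {}).get(aci["requester_attr"], []))
    for expanded in expand(aci["subject"], target_dn, directory):  # next value on mismatch
        for candidate in relaxations(expanded):                    # drop a field and retry
            if candidate in held:
                return True
    return False
```

A target node that lacks the macro's attribute yields no expansion at all, so the check falls through to a denial rather than matching on an empty or unexpanded string.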



Allowable Subject Matter 

7. The following is an examiner's statement of reasons for allowance: 

The prior art of record does not disclose, teach, or suggest neither singly nor in 
combination the claimed limitation of "generating an expanded version of the access 
control information using the macro, wherein the expanded version comprises additional 
information derived from one or more attributes stored at the directory server;" as 
recited in claim 1 and similarly recited in claims 45, 60, and 75. 

8. Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael Y. Won whose telephone number is 571-272-3993. 
The examiner can normally be reached on M-Th: 7AM-5PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




